Wednesday, 3 December 2014

Free Hacking Tools You May Not Be Aware of

Here is a list of Free Hacking Tools that you may not have heard of
1.) Brakeman
is a vulnerability scanner for Ruby on Rails apps that also offers data flow analysis, following values from one part of a program to another. There is no need to set up an entire application stack to use the software, according to Justin Collins, author and maintainer of Brakeman.
While not exceptionally fast, Brakeman purports to be faster than “black box” scanners, with large applications taking mere minutes to scan. Users need to pay attention to false positives, though fixes to aid with them have recently been developed. Brakeman should be used with a website security scanner. Collins has no plans to extend it to other platforms, but developers are encouraged to look at the code.

2.) Cuckoo Sandbox
is an automated dynamic malware analysis system for examining suspicious files in an isolated environment.
“Its main purpose is to automatically execute and monitor the behavior of any given malware when launched inside a Windows virtual machine. When the execution is completed, Cuckoo will further analyze the collected data and produce a comprehensive report that explains what the malware is capable of,” says project founder Claudio Guarnieri.
Generated data includes native function and Windows API call traces, copies of created and deleted files, and a memory dump of the analysis machine. Processing and reporting can be customized, and resulting reports can be generated in various formats, including JSON and HTML. Cuckoo Sandbox began as a Google Summer of Code project in 2010.

3.) MozDef: The Mozilla Defense Platform
The Mozilla Defense Platform, aka MozDef, is aimed at automating the security incident handling process, enabling defenders to get what attackers have had: a real-time, integrated platform to monitor, react, collaborate on and advance their capabilities, according to project author Jeff Bryner.
MozDef expands traditional SIEM (security information and event management) functionality into collaborative incident response, visualizations, and easy integration into other enterprise systems, Bryner says. It uses Elasticsearch, Meteor, and MongoDB to collect a variety of data and retain it in whatever way is suitable. “You can view MozDef as a SIEM overlay on top of Elasticsearch that facilitates security incident response workflows,” Bryner says. The project started out as a proof of concept within Mozilla in 2013.

No comments:

Post a Comment